[Openstack] Help needed to understand keystone
Volodymyr Litovka
doka.ua at gmx.com
Fri Dec 15 08:15:11 UTC 2017
Hi Chengwei,
You can create as much roles as you want and create/modify rules in
policy.json (can be found in /etc/keystone and other configuration
directories of Openstack modules) to put these roles into reality
And there is no notion 'project admin'. Unfortunately, in Keystone
everybody who has role 'admin' is entire Openstack admin, not project's.
Be aware :)
On 10/19/17 8:22 AM, Chengwei Yang wrote:
> Hi list,
>
> I'm recently learn keystone and got some questions below, thanks any reply in advance!
>
> 1. It seems that there are only 2 kinds of roles, regardless how many
> roles you created, all of them should be non-admin or admin, am I right?
>
> 2. If I was wrong, how to create a role with specific capabilities?
>
> 3. Is it possible to assign some project admin privileges to user or group?
> so far I see only the admin created by keystone-bootstrap with
> capabilities to manage project(create, delete and etc.)
>
>
>
> _______________________________________________
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to : openstack at lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
--
Volodymyr Litovka
"Vision without Execution is Hallucination." -- Thomas Edison
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20171215/b4eda7f0/attachment.html>
More information about the Openstack
mailing list